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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S. C. § 133). 
Any reply received by the Office later than three months after t he mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

I) ^ Responsive to communication(s) filed on 22 February 2007 . 
2a)S Thisaction is FINAL. 2b)Q This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quay/e, 1 935 CD. 11, 453 O.G. 21 3. 

Disposition of Claims 

4) ^ Claim(s) 1-18 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) S Claim(s) 1-18 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

II) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 
Response to Arguments 

Applicant's arguments filed 2/22/07 have been fully considered but they are not persuasive. 

Applicant argues that Li does not show "a plurality of device-agnostic policy implementation, in 
which the device-agnostic policy implementations include non-security policy implementations." Applicant 
asserts that the Li reference is only limited to security policies and thus does not teach implementing non- 
security policies. The above argument is present in the amended claims 1,10 and 18, in which applicant 
asserts that they are only intended to clarify the existing subject matter of the claims and are not intended 
to be narrowing the scope of the original claims. In response to applicant's argument, examiner would 
like to first refer to applicant's specification in which applicant states that many policies may be managed 
by a network; these policies including access control, quality of service, backup and availability. It is clear 
to examiner that access control is a security policy. Examiner is interpreting quality of service, backup 
and availability as possible non-security policies. Since applicant's specification does not specifically 
define non-security policies, examiner believes this interpretation to be in line with applicant's intentions. 
Examiner would now like to refer applicant to the Li reference. Again, applicant argues that Li does not 
teach implementing non-security policies. On paragraph 30 of the Li reference, Li teaches an application 
module capable of monitoring and tracking security threat information or event information. Examiner 
interprets the tracking of event information to be equivalent to backup. Since backup was interpreted 
above as a non-security policy, examiner asserts that Li does indeed teach non-security policies. 

Applicant further states that Li does not teach a plurality of device translators, each device 
translator corresponding to a respective one of said plurality of network devices and one of said plurality 
of device-agnostic policy implementations. The previous office action already asserted that each device 
translator corresponds to a respective one of said plurality of network devices. Applicant's statement that 
Li does not teach this limitation without any reason or justification is insufficient to overcome the previous 
office action's rejection. In response to applicant's amendment that each device translator corresponds 
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respectively to one of said plurality of device-agnostic policy implementations, examiner believes the 
above citation of Li reference in response to the previous argument is sufficient. 

Applicant further argues that the policy decision translators in Li do not correspond to one of said 
plurality of network devices nor do they correspond to one of said plurality of device-agnostic policy 
implementations. Policy decision translators are not present in the current claim language. Therefore 
this argument is not treated. 

In view of the above, examiner asserts that applicants arguments are insufficient to overcome the 
rejections of the previous office action and thus said rejections have been maintained. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form 
the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1-8, and 10-16 are rejected under 35 U.S.C. 102(e) as being anticipated by Li et 
al., US PGP No. 20040193912, hereinafter Li. 
As per claims 1,10, and 18, Li teaches: 

A system for implementing a policy in a network, said system comprising: 

a device-agnostic policy implementation; 

[see paragraph 26] "Security policies are centrally stored in a policy repository. The data format 
of the security policies is in an intermediate format that is translated to formats that can be 
consumed and enforced on each of the security-enabled devices of the network. " 



a plurality of network devices, at least two of said devices being dissimilar; and 
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[see paragraph 27] "Security-enabled devices are any processing devices capable of enforcing 
security policies, such as, but not limited to, routers, network hubs, network bridges, switches, 
gateways, clients, servers, stand alone intelligent appliances, computing peripherals, and the 
like." 



a plurality of device translators, each device translator corresponding to a respective one of said plurality 
of network devices, at least two of said device translators being dissimilar, each of said plurality of device 
translators translating said device-agnostic policy implementation into corresponding device-specific 
implementations. 

[see paragraph 28] "One or more policy decision translators interact with the policy repository to 
acquire, distribute, or push security policies to the appropriate security-enabled devices over the 
network. The policy decision translators include logic to convert the intermediate data format of 
the security policies to needed data formats that can be used by each of the security-enabled 
devices. 



As per claims 2 and 13, Li teaches: 

The system according to claim 1 , wherein said device-agnostic policy implementation is selected from the 
group consisting of firewall, Virtual Private Network, Java 2 Enterprise Edition Application, and custom 
operating system. 

[see paragraph 20] "A PEP 1 13 can be an application or a device, such as a server, firewall, 
router, or any other computing device accessible over the network." 



As per claims 3 and 14, Li teaches: 

The system according to claim 1, wherein said device-agnostic policy implementation implements a policy 

selected from the group consisting of access control, quality of service, backup, and availability. 

[see paragraph 21] "The PFP 120 includes integrated feedback information obtained from 
intrusion detection systems (IDS), vulnerability scanners, and the like, which can all be PEPs 
themselves." 

Intrusion detection systems perform functions of access control. 



As per claims 4 and 12, Li teaches: 

The system according to claim 1 , wherein said device translators are represented by Extensible 
Stylesheet Language (XSL) code. 
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[see paragraph 17] "the policy translators are implemented as Extensible Style Sheet Language 
Transformation (XSLT) applications" 

As per claims 5 and 11, Li teaches: 

The system according to claim 1 , wherein said device-agnostic policy implementation is Extensible 

Markup Language (XML) code. 

[see paragraph 17] "The policy translators are implemented as Extensible Style Sheet Language 
Transformation (XSLT) applications, which use one or more Extensible Style Sheets (XSL) to 
render the security policies represented as XML in the policy repository. " 

As per claims 6, Li teaches: 

The system according to claim 3, wherein said policy is represented by Extensible Markup Language 
(XML) code. 

[see paragraph 14] "The security policies are stored in a relational database in a native Extensible 
Markup Language (XML) format " 

As per claims 7 and 15, Li teaches: 

The system according to claim 1 , wherein the device-specific implementation is represented by Command 

Line Interface (CLI) code. ' 

[see paragraph 21] "Pieces of the PFP can communicate in IDMEF, SNMP, or any other CLI or 
protocol required by a security -enabled device within the network. " 

As per claims 8 and 16, Li teaches: 

The system according to claim 1 , wherein the device-specific implementation is represented by 

Application Programming Interface (API) code. 

[see paragraph 30] "Different components of the PFP are designed to communicate with the 
CLIs, APIs, and/or protocols recognized by specific security-enabled device applications." 
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Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 9 and 17 are rejected under 35 U.S.C. 103(a) as being unpatentable over Li as 
applied to claim 1 above, and further in view of Young, US PGP No. 20050160361. 
As per claims 9 and 17, 

The Li reference has been discussed above. Li does not expressly teach: 

The system according to claim 1 , wherein the device-specific implementation is represented by 
Java code. 
Young teaches: 

[see paragraph 57] "adaptation can be invoked via different programmatic paradigms (e.g., API, 
CLI) and can be invoked on a variety of different platforms including, but not limited to, a JAVA 
platform, an XML platform, a COM platform and an ODBC platform." 

Java is a general purpose high level programming language with a number of features that make 
the language well suited for use in the World Wide Web. It would be obvious to one of ordinary skill in the 
art which the subject pertains at the time of the invention to modify the Li reference to incorporate Java 
code in order to enable a common security policy configuration across heterogeneous enterprise 
networks. 



CONCLUSION 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth 
in 37 CFR 1.136(a). 
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A shortened statutory period for reply to this final action is set to expire THREE MONTHS from 
the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date 
of this final action and the advisory action is not mailed until after the end of the THREE-MONTH 
shortened statutory period, then the shortened statutory period will expire on the date the advisory action 
is mailed, and any extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later than SIX 
MONTHS from the mailing date of this final action. 

POINTS OF CONTACT 

Any response to this Office Action should be faxed to (571) 273-8300 or mailed to: 

Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 

Hand-delivered responses should be brought to 

Customer Service Window 
Randolph Building 
401 Dulaney Street 
Alexandria, VA 22314 

Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to Daniel L. Hoang whose telephone number is 571-270-1019. The examiner can normally 
be reached on Monday - Thursday, 8:00 a.m. - 5:00 p.m., EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Nasser Moazzami can be reached on 571-272-4195. The fax phone number for the organization where 
this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
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you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). 



Daniel L. Hoang 
5/9/07 
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